AWS AmazonRDS documentation change
Summary
Added Oracle 26ai agent requirements (version 24.1.0.0.v1 and specific TLS ciphers) and updated cipher suite table with Oracle version compatibility
Security assessment
Documents security requirements for new Oracle version including approved TLS ciphers. Table update adds security-relevant compatibility information but doesn't address a specific vulnerability.
Diff
diff --git a/AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md b/AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md index 3c31aab17..f6491d4e5 100644 --- a//AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md +++ b//AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md @@ -130,0 +131,19 @@ Amazon RDS supports the following settings for the Management Agent option. +###### Note + +For Oracle Database 26ai, the Management Agent option has the following requirements: + + * The only supported Management Agent version is `24.1.0.0.v1`. + + * Only the following TLS cipher suites are supported: + + * TLS_RSA_WITH_AES_256_CBC_SHA256 + + * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + + * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + + * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + + + + @@ -137,0 +157,4 @@ In the AWS GovCloud (US) Regions, 13.1 versions aren't available. + +###### Note + +For Oracle Database 26ai, the only supported agent version is `24.1.0.0.v1`. @@ -149,12 +172,12 @@ The following table lists the TLS cipher suites that the Management Agent option -Cipher suite | Agent version supported | FedRAMP compliant ----|---|--- -TLS_RSA_WITH_AES_128_CBC_SHA | All | No -TLS_RSA_WITH_AES_128_CBC_SHA256 | 13.1.0.0.v1 and higher | No -TLS_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | No -TLS_RSA_WITH_AES_256_CBC_SHA256 | 13.2.0.0.v3 and higher | No -TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 13.2.0.0.v3 and higher | Yes -TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | Yes -TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 13.2.0.0.v3 and higher | Yes -TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 13.2.0.0.v3 and higher | Yes -TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 13.4.0.9.v1 and higher | Yes -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 13.4.0.9.v1 and higher | Yes +Cipher suite | Agent version supported | FedRAMP compliant | Supported Oracle versions +---|---|---|--- +TLS_RSA_WITH_AES_128_CBC_SHA | All | No | 19c, 21c +TLS_RSA_WITH_AES_128_CBC_SHA256 | 13.1.0.0.v1 and higher | No | 19c, 21c +TLS_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | No | 19c, 21c +TLS_RSA_WITH_AES_256_CBC_SHA256 | 13.2.0.0.v3 and higher | No | 19c, 21c, 26ai +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 13.2.0.0.v3 and higher | Yes | 19c, 21c +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | Yes | 19c, 21c +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 13.2.0.0.v3 and higher | Yes | 19c, 21c +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 13.2.0.0.v3 and higher | Yes | 19c, 21c, 26ai +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 13.4.0.9.v1 and higher | Yes | 19c, 21c, 26ai +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 13.4.0.9.v1 and higher | Yes | 19c, 21c, 26ai